From 479cb90eac59722328ad7c7effc76b7ea76741af Mon Sep 17 00:00:00 2001
From: Arne Baeumler
Date: Sat, 13 Nov 2021 22:02:05 +0100
Subject: [PATCH] initial content
---
.gitignore | 1 +
.gitmodules | 3 +
.hugo_build.lock | 0
archetypes/default.md | 6 +
config.toml | 264 ++++++++++++++++++++++++
content/knowledge/apache-httpd.md | 18 ++
content/knowledge/lets-encrypt.md | 89 ++++++++
content/knowledge/lxc/lxc-networking.md | 83 ++++++++
content/knowledge/mail.md | 31 +++
content/knowledge/matrix-chat-server.md | 147 +++++++++++++
content/knowledge/tiptoi.md | 20 ++
themes/LoveIt | 1 +
12 files changed, 663 insertions(+)
create mode 100644 .gitignore
create mode 100644 .gitmodules
create mode 100644 .hugo_build.lock
create mode 100644 archetypes/default.md
create mode 100644 config.toml
create mode 100644 content/knowledge/apache-httpd.md
create mode 100644 content/knowledge/lets-encrypt.md
create mode 100644 content/knowledge/lxc/lxc-networking.md
create mode 100644 content/knowledge/mail.md
create mode 100644 content/knowledge/matrix-chat-server.md
create mode 100644 content/knowledge/tiptoi.md
create mode 160000 themes/LoveIt
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..59ec5ff
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+resources/*
diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 0000000..a6f32d0
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "themes/LoveIt"]
+ path = themes/LoveIt
+ url = https://github.com/dillonzq/LoveIt.git
diff --git a/.hugo_build.lock b/.hugo_build.lock
new file mode 100644
index 0000000..e69de29
diff --git a/archetypes/default.md b/archetypes/default.md
new file mode 100644
index 0000000..00e77bd
--- /dev/null
+++ b/archetypes/default.md
@@ -0,0 +1,6 @@
+---
+title: "{{ replace .Name "-" " " | title }}"
+date: {{ .Date }}
+draft: true
+---
+
diff --git a/config.toml b/config.toml
new file mode 100644
index 0000000..eb6472d
--- /dev/null
+++ b/config.toml
@@ -0,0 +1,264 @@
+baseURL = "https://hugo.br0tkasten.de/"
+languageCode = "en-us"
+title = "br0tkasten.de"
+theme = "LoveIt"
+publishdir = "/var/www/localhost/htdocs"
+
+[menu]
+ [[menu.main]]
+ identifier = "knowledge"
+ name = "Knowledge"
+ url = "/knowledge/"
+ title = ""
+ weight = 1
+
+[params]
+ version = "0.2.X"
+ description = "br0tkasten.de - just my two cents"
+ defaultTheme = "auto"
+ dateFormat = "2006-01-02"
+
+ [params.app]
+ title = "br0tkasten.de"
+ noFavicon = false
+ svgFavicon = ""
+ themeColor = "#ffffff"
+ iconColor = "#5bbad5"
+ tileColor = "#da532c"
+
+ [params.search]
+ enable = true
+ type = "lunr"
+ contentLength = 4000
+ placeholder = ""
+ maxResultLength = 10
+ snippetLength = 30
+ highlightTag = "em"
+ absoluteURL = false
+ [params.search.algolia]
+ index = ""
+ appID = ""
+ searchKey = ""
+
+ [params.header]
+ desktopMode = "fixed"
+ mobileMode = "auto"
+
+ [params.footer]
+ enable = true
+ custom = ''
+ hugo = true
+ copyright = true
+ author = true
+ since = 2021
+ license = 'CC BY-NC 4.0'
+
+ [params.section]
+ paginate = 20
+ dateFormat = "01-02"
+ rss = 10
+
+ [params.list]
+ paginate = 20
+ dateFormat = "01-02"
+ rss = 10
+
+ [params.home]
+ rss = 10
+ [params.home.profile]
+ enable = true
+ gravatarEmail = "arne@br0tkasten.de"
+ title = "just my two cents"
+ subtitle = ""
+ typeit = true
+ social = true
+ disclaimer = ""
+ [params.home.posts]
+ enable = true
+ paginate = 6
+ defaultHiddenFromHomePage = false
+
+ [params.social]
+ GitHub = "br0tkasten"
+ Twitter = "bk98827187"
+ Gitea = "https://git.br0tkasten.de/br0tkasten"
+ Matrix = "@arne:matrix.br0tkasten.de"
+ Email = "arne@br0tkasten.de"
+ RSS = true # LoveIt NEW | 0.2.0
+
+ # LoveIt CHANGED | 0.2.0 Page config
+ [params.page]
+ hiddenFromHomePage = false
+ hiddenFromSearch = false
+ twemoji = false
+ lightgallery = false
+ ruby = true
+ fraction = true
+ fontawesome = true
+ linkToMarkdown = true
+ rssFullText = false
+ [params.page.toc]
+ enable = true
+ keepStatic = true
+ auto = true
+ [params.page.math]
+ enable = true
+ blockLeftDelimiter = ""
+ blockRightDelimiter = ""
+ inlineLeftDelimiter = ""
+ inlineRightDelimiter = ""
+ copyTex = true
+ mhchem = true
+ [params.page.code]
+ copy = true
+ maxShownLines = 10
+ [params.page.mapbox]
+ accessToken = ""
+ lightStyle = "mapbox://styles/mapbox/light-v9"
+ darkStyle = "mapbox://styles/mapbox/dark-v9"
+ navigation = true
+ geolocate = true
+ scale = true
+ fullscreen = true
+ [params.page.share]
+ enable = true
+ Twitter = true
+ Facebook = false
+ Linkedin = false
+ Whatsapp = true
+ Pinterest = false
+ Tumblr = false
+ HackerNews = false
+ Reddit = false
+ VK = false
+ Buffer = false
+ Xing = false
+ Line = true
+ Instapaper = false
+ Pocket = false
+ Digg = false
+ Stumbleupon = false
+ Flipboard = false
+ Weibo = false
+ Renren = false
+ Myspace = false
+ Blogger = false
+ Baidu = false
+ Odnoklassniki = false
+ Evernote = false
+ Skype = false
+ Trello = false
+ Mix = false
+ [params.page.comment]
+ enable = true
+ [params.page.library]
+ [params.page.library.css]
+ # someCSS = "some.css"
+ # located in "assets/"
+ # Or
+ # someCSS = "https://cdn.example.com/some.css"
+ [params.page.library.js]
+ # someJavascript = "some.js"
+ # located in "assets/"
+ # Or
+ # someJavascript = "https://cdn.example.com/some.js"
+ # LoveIt CHANGED | 0.2.10 Page SEO config
+ [params.page.seo]
+ images = []
+ [params.page.seo.publisher]
+ name = ""
+ logoUrl = ""
+
+ [params.typeit]
+ speed = 100
+ cursorSpeed = 1000
+ cursorChar = "|"
+ duration = -1
+
+ [params.verification]
+ google = ""
+ bing = ""
+ yandex = ""
+ pinterest = ""
+ baidu = ""
+
+ [params.seo]
+ image = ""
+ thumbnailUrl = ""
+
+ [params.analytics]
+ enable = false
+
+ [params.cookieconsent]
+ enable = true
+ [params.cookieconsent.content]
+ message = ""
+ dismiss = ""
+ link = ""
+
+ [params.cdn]
+ data = ""
+
+ [params.compatibility]
+ polyfill = false
+ objectFit = false
+
+[markup]
+ [markup.highlight]
+ codeFences = true
+ guessSyntax = true
+ lineNos = true
+ lineNumbersInTable = true
+ # false is a necessary configuration
+ # (https://github.com/dillonzq/LoveIt/issues/158)
+ noClasses = false
+ [markup.goldmark]
+ [markup.goldmark.extensions]
+ definitionList = true
+ footnote = true
+ linkify = true
+ strikethrough = true
+ table = true
+ taskList = true
+ typographer = true
+ [markup.goldmark.renderer]
+ unsafe = true
+ [markup.tableOfContents]
+ startLevel = 2
+ endLevel = 6
+
+[author]
+ name = "br0tkasten"
+ email = "arne@br0tkasten.de"
+ link = ""
+
+[sitemap]
+ changefreq = "weekly"
+ filename = "sitemap.xml"
+ priority = 0.5
+
+[Permalinks]
+ # posts = ":year/:month/:filename"
+ posts = ":filename"
+
+[privacy]
+ [privacy.twitter]
+ enableDNT = true
+ [privacy.youtube]
+ privacyEnhanced = true
+
+[mediaTypes]
+ [mediaTypes."text/plain"]
+ suffixes = ["md"]
+
+[outputFormats.MarkDown]
+ mediaType = "text/plain"
+ isPlainText = true
+ isHTML = false
+
+[outputs]
+ home = ["HTML", "RSS", "JSON"]
+ page = ["HTML", "MarkDown"]
+ section = ["HTML", "RSS"]
+ taxonomy = ["HTML", "RSS"]
+ taxonomyTerm = ["HTML"]
diff --git a/content/knowledge/apache-httpd.md b/content/knowledge/apache-httpd.md
new file mode 100644
index 0000000..7c174fc
--- /dev/null
+++ b/content/knowledge/apache-httpd.md
@@ -0,0 +1,18 @@
+---
+title: "Apache httpd configs"
+date: 2021-11-13
+---
+
+# HTTP proxy with Digest Auth
+
+```
+
+ AuthType Digest
+ AuthName "mrtg"
+ AuthUserFile "/etc/httpd/conf/mrtg.htdigest"
+ Require valid-user
+
+
+ProxyPass / http://mrtg.lxc.br0tkasten.de/
+ProxyPassReverse / http://mrtg.lxc.br0tkasten.de/
+```
diff --git a/content/knowledge/lets-encrypt.md b/content/knowledge/lets-encrypt.md
new file mode 100644
index 0000000..bcf1d6e
--- /dev/null
+++ b/content/knowledge/lets-encrypt.md
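Review bot: In config.toml, `unsafe = true` under `[markup.goldmark.renderer]` makes Goldmark pass raw HTML, including `<script>` tags, from every Markdown file straight into the published pages, and nothing in the hunk says why it is needed. If the theme or the content depends on inline HTML, keep it but record the trust assumption next to it, for example `# raw HTML in content is rendered as-is; only trusted authors may commit to content/`; otherwise remove the line so raw HTML is omitted, which is Hugo's default. The same file sets `publishdir = "/var/www/localhost/htdocs"`, which looks like the served web root, so each `hugo` run writes directly into the live site and the build user needs write access there; a relative output directory plus a separate deploy step would keep partial builds and build-user permissions away from the document root.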
@@ -0,0 +1,89 @@
+---
+title: 'Let''s Encrypt'
+date: 2021-11-13T15:06:57Z
+draft: false
+---
+
+## create certificate
+```
+certbot certonly --email contact@br0tkasten.de --webroot -w /var/www/certbot/htdocs -d log.br0tkasten.de
+```
+
+## Apache config
+Default VirtualHost for HTTP (Port 80) mapping /.well-known/acme-challenge of any domain hosted on my webserver
+to the same location in filesystem (/var/www/certbot/htdocs/.well-known/acme-challenge/)
+This makes renew and create certificates very easy.
+
+```
+
+ CustomLog /var/log/httpd/access.log combined
+ ErrorLog /var/log/httpd/error.log
+
+ Alias /.well-known/acme-challenge/ /var/www/certbot/htdocs/.well-known/acme-challenge/
+
+ Require all granted
+ Options None
+ AllowOverride None
+ ForceType text/plain
+ RedirectMatch 404 "^(?!/\.well-known/acme-challenge/[\w-]{43}$)"
+
+
+ RewriteEngine On
+ RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge [NC]
+ RewriteCond %{HTTPS} off
+ RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI} [last,redirect=301]
+
+```
+
+## renew certificates
+### systemd service
+```
+cat > /etc/systemd/system/certbot.service << EOF
+[Unit]
+Description=Let's Encrypt renewal
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/certbot renew --quiet --agree-tos
+EOF
+```
+
+### systemd timer
+```
+[Unit]
+Description=Twice daily renewal of Let's Encrypt's certificates
+
+[Timer]
+OnCalendar=0/12:00:00
+RandomizedDelaySec=1h
+Persistent=true
+
+[Install]
+WantedBy=timers.target
+```
+
+### enable certbot timer
+```
+systemctl start certbot.timer
+systemctl enable certbot.timer
+```
+
+## renewal hooks
+
+### restart httpd after renewal
+```
+cat > /etc/letsencrypt/renewal-hooks/httpd.sh << EOF
+#!/bin/sh
+
+systemctl restart httpd
+EOF
+```
+
+### restart mail container
+```
+cat > /etc/letsencrypt/renewal-hooks/mail.sh << EOF
+#!/bin/sh
+
+lxc-stop -r -n 'mail'
+EOF
+```
diff --git a/content/knowledge/lxc/lxc-networking.md b/content/knowledge/lxc/lxc-networking.md
new file mode 100644
index 0000000..23eb0f4
--- /dev/null
+++ b/content/knowledge/lxc/lxc-networking.md
@@ -0,0 +1,83 @@ +--- +title: 'LXC Networking' +date: 2021-11-13T15:06:57Z +draft: false +--- + +# LXC network configurations + +## create network bridge +``` +brctl add br0 +``` + +## add virtual ethernet interface to container + +Add the following lines to _/var/lib/lxc/container/config_ +``` +lxc.net.0.type = veth +lxc.net.0.link = br0 +lxc.net.0.flags = up +lxc.net.0.name = eth0 +``` + +## iptables +### port forwarding +iptables (IPv4) and ip6tables (IPv6) DNAT target to forward services to container. + +``` +iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 8448 -j DNAT \ + --to-destination 10.3.0.31:8448 +``` + +### masquerading +Translate outgoing traffic from container to public IP address + +``` +iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE +``` + +## IPv6 +### network configuration +#### host +``` +ip addr add fd00::1/8 dev br0 +``` +``` +cat > /etc/sysctl.d/ipv6-forwarding.conf < /opt/sbin/synapse.sh << EOF +#!/bin/sh + +. /opt/synapse/bin/activate + +cd /opt/synapse +synctl start +EOF +chmod 0755 /opt/sbin/synapse.sh +``` +### open-rc init script +``` +cat > /etc/init.d/synapse << EOF +#!/sbin/openrc-run + +name=$RC_SVCNAME +command="/opt/sbin/synapse.sh" +command_user="matrix" +pidfile="/opt/synapse/homeserver.pid" + +depend() { + need net +} + +start() { + ebegin "Starting $name" + start-stop-daemon --start \ + --user $command_user \ + --exec $command \ + --pidfile $pidfile + eend $? +} + +stop() { + ebegin "Stopping $name" + start-stop-daemon --stop --user $command_user + eend $? +} +EOF +chmod 0755 /etc/init.d/synapse +``` +### enable init script +``` +rc-update add synapse +``` +## Administration +### create user accounts +``` +register_new_matrix_user -c homeserver.yaml http://matrix.br0tkasten.de:8008 +``` +## Additional +### Expose local LXC containers ports +#### Server-to-Server + +For Server-to-Server connections on Port 8448 it is recommended to expose the port directly using portforwarding. 
On my server I used iptables for this portforwarding
+```
+iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 8448 -j DNAT --to-destination matrix.lxc.local:8448
+```
+#### Client connections
+
+In my setup an apache vhost is acting as https reverse proxy.
+```
+
+ ServerName matrix.br0tkasten.de:443
+ RewriteEngine on
+ SSLEngine On
+ SSLProtocol all
+ SSLProxyEngine On
+
+ SSLCertificateFile /etc/letsencrypt/live/matrix.br0tkasten.de/fullchain.pem
+ SSLCertificateKeyFile /etc/letsencrypt/live/matrix.br0tkasten.de/privkey.pem
+
+ CustomLog /var/log/httpd/matrix/access.log combined
+ ErrorLog /var/log/httpd/matrix/error.log
+
+ ProxyPreserveHost On
+ ProxyRequests Off
+
+ ProxyPass / http://matrix.lxc.br0tkasten.de:8008/
+ ProxyPassReverse / http://matrix.lxc.br0tkasten.de:8008/
+
+```
diff --git a/content/knowledge/tiptoi.md b/content/knowledge/tiptoi.md
new file mode 100644
index 0000000..0f77d35
--- /dev/null
+++ b/content/knowledge/tiptoi.md
@@ -0,0 +1,20 @@
+---
+title: tiptoi
+date: 2021-11-13T15:06:57Z
+draft: false
+---
+
+# tiptoi
+## Download media files
+
+Goto http://www.tiptoi.com -> Choose book -> "Audiodatei manuell herunterladen"
+
+## Manually mount
+
+When connecting the pen to a computer using a mini USB cable dmesg will show a new storage device (e.g. /dev/sdc). According to '''parted''' partition table is of type '''loop'''. Linux will not show hardware devices to mount the partition (e.g. /dev/sdc1).
+
+To mount the filesystem use:
+
+```
+mount -t vfat -o loop,rw /dev/sdc /mnt
+```
diff --git a/themes/LoveIt b/themes/LoveIt
new file mode 160000
index 0000000..f787a4e
--- /dev/null
+++ b/themes/LoveIt
@@ -0,0 +1 @@
+Subproject commit f787a4e5ad4edf60467658d10c286248dc5027a6